Failed (re-)authentification after some time...

Jan Zacharias janz at dfki.de
Thu Sep 2 12:01:55 CEST 2010


Hey Alan! 


Alan DeKok <aland at deployingradius.com> hat am 1. September 2010 um 15:46
geschrieben:

> Jan Zacharias wrote:
> > To speed up the debugging, I introduced a sleep of varying duration in
> > the ntlm_auth_wrapper.
> >
> > I found that freeradius kills the ntlm stuff if it takes longer than ten
> > seconds to complete.
>
>   Yes.  Any child script which takes that long is broken.
No, it can also be just someone pulling a network cord/routing changes etc.etc.

 

>
> > My suggestion is that we introduce a configuration variable
> > ntlm_auth_retries so that freerad kills the process,
>
>   No.  You can write a shell script wrapper around ntlm_auth that does:
>
> - fork ntlm_auth
> - wait 1s for it to return
>   - if it doesn't return, kill it
>   - try to fork it again
Yeah sure, this was also my first idea, but i'm still limited to ten seconds
then :(

 

> > > What do you think, Alan? Anyone else?
>
>   This isn't a server problem, and changing the server isn't necessary.
Sure it's not a problem, but it would improve reliability and robustness.

 

This is not about finger pointing or so, I just want to help make freerad even
better :)

 
Best, Jan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20100902/776c8134/attachment.html>


More information about the Freeradius-Users mailing list